submitted 2 weeks ago by [email protected] to c/[email protected]

GNOME Software tells me that there is a "Secure Boot dbx Configuration Update"; in the description below it reads:

"UEFI Secure Boot Forbidden Signature Database"

"This updates the list of forbidden signatures (the "dbx") to the latest release from Microsoft."

"An insecure version of Howyar's SysReturn software was added, due to a security vulnerability that allowed an attacker to bypass UEFI Secure Boot."

GNOME Firmware tells me that this update is not removable or reversible, and I dimly remember there being something bad (perhaps incorrectly) about Secure Boot. So, what do you think, should I update it or ignore it?

[-] [email protected] 6 points 2 weeks ago

If you don't use Secure Boot, it won't affect you at all. If you do, it just adds a signature to the blacklist so that it cannot be used to bypass it.

Bad analogy:
If your key gets stolen, you might want to get your locks changed. But if you don't lock the door, you don't need to worry about that.

Do what you want, this update shouldn't affect you, whether you install it or not.

[-] [email protected] 4 points 2 weeks ago
[-] [email protected] 3 points 2 weeks ago

No problem!

Linux supports encrypting disk (SSD, HDD, etc.) contents, similar to Windows' BitLocker, called LUKS. This can be combined with a TPM chip on the motherboard to automatically unlock the drive without a password/hardware key, like Windows. But this requires Secure Boot to validate that the operating system you're booting is "trusted". It can have a few other benefits, but this is the main one for many.

If you use Secure Boot without the update, someone who has access to the stolen key can use it to mark anything as trusted, to sidestep all protections Secure Boot grants & decrypt your data. The update just marks the stolen key as untrusted.

Note that without encryption, if your device or disk is stolen, the thief can access all data stored on the disk, just like on Windows without BitLocker. Though, as Microsoft refuses to support most file systems used by Linux, a non-techy thief might have a hard time extracting your files, but that is definitely not something you should count on.
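Added example, not part of any comment in this thread: the dbx that this update extends is stored as a sequence of EFI_SIGNATURE_LIST structures, and firmware with Secure Boot enabled refuses an image whose hash is listed there. The Python sketch below parses that layout and checks a digest against it; the owner GUID and the hashed byte strings are constructed sample data, and the function names are this example's own.

```python
import hashlib
import struct
import uuid

# Signature type GUID for SHA-256 entries, from the UEFI specification.
EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
HEADER = 28  # 16-byte type GUID + three little-endian UINT32 fields

def parse_signature_lists(data):
    """Yield (type_guid, owner_guid, payload) for every entry in a signature database."""
    off = 0
    while off < len(data):
        if len(data) - off < HEADER:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < HEADER + hdr_size or off + list_size > len(data) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        body = data[off + HEADER + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            yield sig_type, owner, body[i + 16:i + sig_size]
        off += list_size

def forbidden_hashes(dbx):
    """Return the set of SHA-256 digests listed in a dbx blob."""
    return {p for t, _, p in parse_signature_lists(dbx) if t == EFI_CERT_SHA256}

def is_forbidden(digest, dbx):
    return digest in forbidden_hashes(dbx)

def build_sha256_list(owner, digests):
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used for sample data only)."""
    entries = b"".join(owner.bytes_le + d for d in digests)
    sizes = struct.pack("<III", HEADER + len(entries), 0, 16 + 32)
    return EFI_CERT_SHA256.bytes_le + sizes + entries

# Constructed sample. Real dbx entries hold the Authenticode hash of a PE image;
# plain SHA-256 of made-up bytes is used here only to get 32-byte values.
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # placeholder
REVOKED = hashlib.sha256(b"constructed vulnerable loader").digest()
OTHER = hashlib.sha256(b"constructed other loader").digest()
SAMPLE_DBX = build_sha256_list(SAMPLE_OWNER, [REVOKED, OTHER])

if __name__ == "__main__":
    for sig_type, owner, payload in parse_signature_lists(SAMPLE_DBX):
        print(sig_type, owner, payload.hex())
```

On a running system the same structure is exposed at `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f`, where the first 4 bytes are variable attributes and must be skipped before parsing.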

this post was submitted on 22 May 2025